Cotton Traders Website hacked

Be_Happy

Just read on news that Cotton Traders online site had been hacked earlier this year and the details of 38,000 customers stolen.

I must have been one of these customers. I dealt with this company online during April and May and was contacted by my Card Company that they had detected a suspicious transaction on my account and they closed the account and issued a new card. Someone was attempting a 'test purchase'.

I'm glad my card company reacted so quickly as I certainly had no warning from Cotton Traders that there had been a problem. According to the news item Cotton Traders seem relatively unconcerned about the security breach and try to assure us that all necessary steps were taken when they discovered the issue. They send me sales e-mails almost weekly, surely a general security note could have been added to all customers that there had been a 'hack' and I would have notified my card company immediately.

Just heard on the news that the hacking was much earlier this year, so seems to have been before my April and May purchases, but I've been buying regularly from the company for a few years now.

vivmagb

I too am a regular Cotton Traders customer and have had my card used in an unlawful transaction, my bank were not so quick to pick up on it but they did refund my money, but I had to go thro the hassle of a cancelled card etc. I have just sent Cotton Traders an email to say that I wont be using them any more as I felt that they should have alerted all their customers about it so that we could take some action to prevent any possible use of our cards.

Be_Happy

I'm doing the same to them. I don't blame them for the website being hacked, but I do object strongly to their knowing there had been a security problem and not telling customers. Judging from the news item, this information about the hacking had been discovered by news reporters, so Cotton Traders were obviously hoping no one would find out.

Had they come clean as soon as they found out they could have saved so much inconvenience to card holders.

Since it says the hackers also got addresses, I assume this includes e-mail addresses and no doubt we'll be plagued by even more spam than usual.

taurusgb

This would explain why I was contacted by Marks and Spencer and More card fraud unit a couple of months ago when they picked up on what they thought was a test purchase of 51p on apple i tunes when I hadn't used the card for about 4 months. I was impressed at the time that they were on to this so fast- I was going to cancel the card but their efficiency changed my mind -Shan't be using cotton traders again either.

HairyHatMan

taurusgb wrote: »

I was contacted by Marks and Spencer and More card fraud unit a couple of months ago when they picked up on what they thought was a test purchase of 51p on apple i tunes

Exactly the same with me: iTunes purchase of 51p. Thank goodness Tesco Personal Finance's fraud department are on the ball.

mandym

...and exactly the same 51p with me, picked up, luckily, by Alliance & Leicester a day after funds from my re-mortgage were credited to my account, it could have been very nasty!

I was away from home so the bank couldn't contact me so they froze my account until I contacted them when my card wouldn't work (luckily I hadn't gone to use it to pay after filling my car with petrol!). I was issued with a new card.

I'm a regular Cotton Traders' customer and feel very disappointed that customers that were potentially at risk by the hacking episode were not warned.

Premier_2

Maybe some comments and their respective sources here might stop the panic in light of the "I shop at Cotton Traders. I've had unauthorised transacations on my credit card. Ergo Cotton Traders are to blame" type of posts.

1. Cotton traders have over 2 million customers on their database
Source: PA. http://ukpress.google.com/article/ALeqM5i4S5CdnTvmSYV2NSjykwxtKRpTcQ

2. The BBC claimed that up to 38 000 of those customers may have had their account details stolen.
Source: BBC http://news.bbc.co.uk/1/hi/technology/7446871.stm

3. Whilst the company accepts there was a breach of security, the claims that 38 000 customers were affected is dismissed by the company as "widely inaccurate"
Source: PA. http://ukpress.google.com/article/ALeqM5i4S5CdnTvmSYV2NSjykwxtKRpTcQ

4. The company confirmed all credit card data is encrypted
Source: BBC http://news.bbc.co.uk/1/hi/technology/7446871.stm

5. The security breach was identified in January 2008.
Source: PA http://ukpress.google.com/article/ALeqM5i4S5CdnTvmSYV2NSjykwxtKRpTcQ

6. Barclaycard was contacted as soon as the company learned of the attack, and most affected cards were stopped in January
Source: BBC http://news.bbc.co.uk/1/hi/technology/7446871.stm

GrahamMarshall

I too have recently had two cards cancelled due to Apple I-tunes test purchases. The first one seemed strange as the card had not been used for quite some time and I had only used it for a sort period anyway. There were only a few places I had used both cards online, Cotton Traders being one. I am not happy that I was not made aware of this by Cotton Traders and while I did not loose out financially I was inconvenienced when my second (different provider) was cancelled two days before a business trip with no chance to replace it in time.

James

Using stolen card details is just one side of the story the other is using personal information to obtain credit cards, loans, store cards etc.

Personal information and card details are compromised in many ways.

Here are two very recent examples.

Postie had his Bag PINched (Click here).

Workers Personal Details Revealed (Click here).

What YOU can do to protect yourself (Click here).

What could be done to deter Internet, Phone, Mail Order and Fax Shopping Fraud. (Click here).

Be_Happy

Premier wrote: »

Maybe some comments and their respective sources here might stop the panic in light of the "I shop at Cotton Traders. I've had unauthorised transacations on my credit card. Ergo Cotton Traders are to blame" type of posts.

I thought very carefully before regarding Cotton Traders as the source. However the card I use is a separate Credit Card I use only for internet shopping. I deal with a total of around 20 retailers, all well known reputable names and shop approx 5 times a month on the card.

When my Card Account is attacked after a retailer I shop online regularly with has customer information stolen I consider my suspicions well founded.

As I say I have no problem with Cotton Traders website being hacked, this was unfortunate, but can happen. What I do object to is customers not being notified when the security breach is discovered, so that they can watch their Credit Cards closely. Cotton Traders obviously only thought about the possible damage to their reputation and gave no consideration to customers.

Ximian

This is typical of companies that have had private information stolen. Most companies won't release details or notify customers' of the security breach as by doing so the result would be a loss of faith and trust from existing customer's and potential customers'. Be Happy is right, it's about reputation. I sometimes wonder what is worse: notifying your existing customers' of the security breach or keeping quiet only to be found out later and then come up with bs stories to cya.